alpine 3.7
crypto weakness #270

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

partimage/src/partimage-0.6.9/src/client/netclient.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 crypto weakness.

 
// return 0 if pass good else !0
// login/pass may be "nologin"/"nopass" if compiled with no login
unsigned int CNetClient::SendPass(char * login, char * pass)
{
  int nRes;
  unsigned int nSize;
  char * szSalt;
  char * szPasswd;
  char * ok = (char *) malloc(5);

// send login
  nSize = strlen(login)+1;
  nRes = Send(&nSize, sizeof(unsigned int));
  nRes = Send((void *) login, nSize);

  nRes = Recv(&nSize, sizeof(unsigned int));
  szSalt = (char *) malloc (nSize);
  nRes = Recv(szSalt, nSize); 

#ifdef MUST_LOGIN
  #ifdef HAVE_PAM
    szPasswd = strdup(pass);
  #else     
    szPasswd = crypt(pass, szSalt);
  #endif
#else
  szPasswd = strdup(pass);
#endif

// send password
  nSize = strlen(szPasswd)+1;
  nRes = Send(&nSize, sizeof(unsigned int));
  nRes = Send((void *) szPasswd, nSize);

// check answer
  nRes = Recv(ok, 4+1); // preserve endding \0
  *(ok+4) = '\0';
  nRes = strcmp(ok, " ack");
  free(ok);
  free(szSalt);
  
  return nRes;
}

CExceptions * CNetClient::RecvExcep(const char * msg)
{
  DWORD dwArg1, dwArg2, dwErrCode, dwAux;
  char * szArg1;
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.